Subject: Re: [pkcs11] Updated Proposal: Define CKA_CERTIFICATE_CATEGORY constants
On 6/26/2013 1:31 PM, Oscar K So Jr. wrote:
Stef, I have a few questions:

1) According to the defined value below, it has 0UL, 1UL, 2UL, 3UL, that says they cannot coexist. Would that be a good idea for it to be coexisted? 0UL, 1UL, 2UL, 4UL?
Probably not. These are enums not flags. OTHER_ENTITY and AUTHORITY (at least) are mutually exclusive.
2) I need some clarification of the term "CATEGORY", it does not seem to cover: Signing Certificate, Email Certificate... and etc. What is the definition of "CERTIFICATE_CATEGORY" here? This term seems to refer to the certificate's OWNERSHIP other than its category or types.

3) Should we also consider including Registration Authority (RA), self-signed cert, CA Trusted Root cert, and etc?
Oscar - Stef's proposals match the current values described in table 23 and table 24. The "category" is "who do I belong to" rather than "what am I". A CA trusted root cert would have CKA_TRUSTED=true and CKA_CERTIFICATE_CATEGORY=CK_CERTIFICATE_CATEGORY_AUTHORITY (probably). You would differentiate between a trusted intermediary and a root cert by whether or not the cert was self-signed.
Best way to include your other items is to propose some names and text.

Mike
Thanks,
Oscar

On 06/24/13 07:43 AM, Stef Walter wrote:

Changed to use 'CK_XXXX' instead of 'CKV_' for the constant prefix. This is similar to the new OTP constants and other odds and ends constants we have.

Cheers,
Stef

9.4 Object types

*** New item to be added

| o CK_CERTIFICATE_CATEGORY
|
| CK_CERTIFICATE_CATEGORY is a value that identifies a certificate
| category. It is defined as follows:
|
|     typedef CK_ULONG CK_CERTIFICATE_CATEGORY;
|
| For this version of Cryptoki, the following certificate categories
| are defined:
|
| |------------------------------------------------------------------|
| | Constant                             |Value| Meaning             |
| |------------------------------------------------------------------|
| | CK_CERTIFICATE_CATEGORY_UNSPECIFIED  | 0UL | No category         |
| |                                      |     | specified           |
| | CK_CERTIFICATE_CATEGORY_TOKEN_USER   | 1UL | Certificate belongs |
| |                                      |     | to owner of the     |
| |                                      |     | token               |
| | CK_CERTIFICATE_CATEGORY_AUTHORITY    | 2UL | Certificate belongs |
| |                                      |     | to a certificate    |
| |                                      |     | authority           |
| | CK_CERTIFICATE_CATEGORY_OTHER_ENTITY | 3UL | Certificate belongs |
| |                                      |     | to an end entity    |
| |                                      |     | (ie: not a CA)      |
| |------------------------------------------------------------------|

10.6.2 Overview

*** table row to be updated

| CKA_CERTIFICATE_CATEGORY   CK_CERTIFICATE_CATEGORY   Categorization of
|                                                      the certificate.
|                            (default CK_CERTIFICATE_CATEGORY_UNSPECIFIED)

A Manifest Constants

*** Lines to be added

| #define CK_CERTIFICATE_CATEGORY_UNSPECIFIED  0UL
| #define CK_CERTIFICATE_CATEGORY_TOKEN_USER   1UL
| #define CK_CERTIFICATE_CATEGORY_AUTHORITY    2UL
| #define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL
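Added example, not part of the thread or of the PKCS #11 specification: a C sketch of how a consumer could combine CKA_CERTIFICATE_CATEGORY with CKA_TRUSTED and a self-signed check as described in the reply above, and why the values must be compared as an enum rather than tested as bits. The typedefs stand in for pkcs11t.h, and `cert_role`, `cert_attrs`, `self_issued`, `classify` and `flag_style_is_authority` are hypothetical names introduced for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for pkcs11t.h so the example compiles on its own. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef CK_ULONG CK_CERTIFICATE_CATEGORY;

/* Values from the proposal in this thread. */
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED  0UL
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER   1UL
#define CK_CERTIFICATE_CATEGORY_AUTHORITY    2UL
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL

/* Hypothetical result type and attribute holder (not part of Cryptoki). */
typedef enum { ROLE_INVALID, ROLE_UNKNOWN, ROLE_USER, ROLE_OTHER,
               ROLE_CA, ROLE_TRUSTED_INTERMEDIATE, ROLE_TRUSTED_ROOT } cert_role;

typedef struct {
    CK_CERTIFICATE_CATEGORY category;                  /* CKA_CERTIFICATE_CATEGORY */
    CK_BBOOL trusted;                                  /* CKA_TRUSTED */
    const unsigned char *subject; size_t subject_len;  /* CKA_SUBJECT (DER) */
    const unsigned char *issuer;  size_t issuer_len;   /* CKA_ISSUER (DER) */
} cert_attrs;

/* Simplification: "self-signed" is approximated by subject == issuer;
   a real check would also verify the signature with the cert's own key. */
static int self_issued(const cert_attrs *c) {
    return c->subject_len > 0 && c->subject_len == c->issuer_len &&
           memcmp(c->subject, c->issuer, c->subject_len) == 0;
}

cert_role classify(const cert_attrs *c) {
    switch (c->category) {          /* enum: exact match, never a bit test */
    case CK_CERTIFICATE_CATEGORY_UNSPECIFIED:  return ROLE_UNKNOWN;
    case CK_CERTIFICATE_CATEGORY_TOKEN_USER:   return ROLE_USER;
    case CK_CERTIFICATE_CATEGORY_OTHER_ENTITY: return ROLE_OTHER;
    case CK_CERTIFICATE_CATEGORY_AUTHORITY:
        if (!c->trusted) return ROLE_CA;
        return self_issued(c) ? ROLE_TRUSTED_ROOT : ROLE_TRUSTED_INTERMEDIATE;
    default: return ROLE_INVALID;   /* e.g. 4UL is not a defined category */
    }
}

/* What goes wrong if the value is tested like a flag: OTHER_ENTITY (3UL)
   has the AUTHORITY bit (2UL) set, so a bit test takes it for a CA. */
int flag_style_is_authority(CK_CERTIFICATE_CATEGORY v) {
    return (v & CK_CERTIFICATE_CATEGORY_AUTHORITY) != 0;
}
```

With the values as proposed, any consumer that masks the category instead of comparing it would treat every OTHER_ENTITY certificate as a CA certificate, which is the case `flag_style_is_authority` isolates.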